Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-24241 |
4.3 (3.1)
|
NVIDIA Delegated Licensing Service for all applia… |
NVIDIA |
DLS component of NVIDIA License System |
2026-02-24T18:42:56.703Z | 2026-02-24T21:26:40.416Z |
| CVE-2025-33181 |
7.3 (3.1)
|
NVIDIA Cumulus Linux and NVOS products contain a … |
NVIDIA |
Cumulus Linux GA |
2026-02-24T18:42:04.490Z | 2026-02-24T21:29:14.387Z |
| CVE-2025-33180 |
8 (3.1)
|
NVIDIA Cumulus Linux and NVOS products contain a … |
NVIDIA |
Cumulus Linux GA |
2026-02-24T18:41:48.632Z | 2026-02-24T21:31:41.482Z |
| CVE-2025-33179 |
8 (3.1)
|
NVIDIA Cumulus Linux and NVOS products contain a … |
NVIDIA |
Cumulus Linux GA |
2026-02-24T18:41:32.821Z | 2026-02-24T18:41:32.821Z |
| CVE-2026-26342 |
8.7 (4.0)
|
Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient … |
Tattile s.r.l. |
Smart+ |
2026-02-24T18:41:09.935Z | 2026-02-24T18:41:09.935Z |
| CVE-2026-26341 |
9.3 (4.0)
|
Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials |
Tattile s.r.l. |
Smart+ |
2026-02-24T18:40:54.212Z | 2026-02-24T21:33:18.810Z |
| CVE-2026-26340 |
8.7 (4.0)
|
Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticat… |
Tattile s.r.l. |
Smart+ |
2026-02-24T18:40:35.393Z | 2026-02-24T21:34:06.523Z |
| CVE-2026-3105 |
7.6 (3.1)
|
SQL Injection in Contact Activity API Sorting |
Mautic |
Mautic |
2026-02-24T18:39:03.352Z | 2026-02-24T18:39:03.352Z |
| CVE-2026-26222 |
10 (4.0)
|
DocLink .NET Remoting Unauthenticated Arbitrary File R… |
Beyond Limits Inc. |
Altec DocLink |
2026-02-24T17:33:12.136Z | 2026-02-24T17:36:46.668Z |
| CVE-2026-25603 |
6.6 (3.1)
|
Path Traversal vulnerability in Linksys MR9600, Linksy… |
Linksys |
MR9600 |
2026-02-24T17:14:36.141Z | 2026-02-24T18:13:33.449Z |
| CVE-2026-27468 |
4.8 (4.0)
|
Mastodon may allow unconfirmed FASP to make subscriptions |
mastodon |
mastodon |
2026-02-24T17:12:40.349Z | 2026-02-24T17:12:40.349Z |
| CVE-2025-14963 |
6.2 (4.0)
|
A vulnerability identified in the Trellix HX Agen… |
Trellix |
Endpoint HX Agent (xAgent) |
2026-02-24T17:11:06.812Z | 2026-02-24T17:11:06.812Z |
| CVE-2026-27156 |
6.1 (3.1)
|
NiceGUI has XSS via Code Injection |
zauberzeug |
nicegui |
2026-02-24T17:00:21.628Z | 2026-02-24T17:00:21.628Z |
| CVE-2025-62512 |
5.5 (4.0)
|
Piwigo Vulnerable to User Enumeration via Password Res… |
Piwigo |
Piwigo |
2026-02-24T16:43:28.919Z | 2026-02-24T16:43:28.919Z |
| CVE-2024-48928 |
2.7 (4.0)
|
Piwigo's secret key can be brute forced |
Piwigo |
Piwigo |
2026-02-24T16:39:56.944Z | 2026-02-24T16:39:56.944Z |
| CVE-2026-27590 |
8.9 (4.0)
|
Caddy: Unicode case-folding length expansion causes in… |
caddyserver |
caddy |
2026-02-24T16:33:41.353Z | 2026-02-24T16:33:41.353Z |
| CVE-2026-27589 |
6.9 (4.0)
|
Caddy vulnerable to cross-origin config application vi… |
caddyserver |
caddy |
2026-02-24T16:30:52.016Z | 2026-02-24T16:31:35.510Z |
| CVE-2026-27588 |
7.7 (4.0)
|
Caddy: MatchHost becomes case-sensitive for large host… |
caddyserver |
caddy |
2026-02-24T16:28:28.106Z | 2026-02-24T16:28:28.106Z |
| CVE-2026-27587 |
7.7 (4.0)
|
Caddy: MatchPath %xx (escaped-path) branch skips case … |
caddyserver |
caddy |
2026-02-24T16:26:40.222Z | 2026-02-24T16:26:40.222Z |
| CVE-2026-27586 |
8.8 (4.0)
|
Caddy's mTLS client authentication silently fails open… |
caddyserver |
caddy |
2026-02-24T16:08:20.569Z | 2026-02-24T16:08:20.569Z |
| CVE-2026-27585 |
6.9 (4.0)
|
Caddy's improper sanitization of glob characters in fi… |
caddyserver |
caddy |
2026-02-24T16:06:05.030Z | 2026-02-24T16:06:05.030Z |
| CVE-2026-27571 |
5.9 (3.1)
|
nats-server websockets are vulnerable to pre-auth memory DoS |
nats-io |
nats-server |
2026-02-24T15:59:17.926Z | 2026-02-24T15:59:17.926Z |
| CVE-2025-13776 |
8.6 (4.0)
|
Hard-coded database credentials in Finka software |
TIK-SOFT |
Finka-FK |
2026-02-24T15:58:30.096Z | 2026-02-24T15:58:30.096Z |
| CVE-2025-47904 |
5.7 (4.0)
|
Unsigned upgrade package |
Microchip |
Time Provider 4100 |
2026-02-24T15:34:20.905Z | 2026-02-24T15:34:20.905Z |
| CVE-2026-27521 |
6.9 (4.0)
6.5 (3.1)
|
Binardat 10G08-0800GSM Network Switch Missing Login Ra… |
Binardat Ltd. |
10G08-0800GSM Network Switch |
2026-02-24T15:08:14.170Z | 2026-02-24T15:08:14.170Z |
| CVE-2026-27520 |
8.7 (4.0)
7.5 (3.1)
|
Binardat 10G08-0800GSM Network Switch Base64-encoded P… |
Binardat Ltd. |
10G08-0800GSM Network Switch |
2026-02-24T15:07:41.085Z | 2026-02-24T15:07:41.085Z |
| CVE-2026-27519 |
8.7 (4.0)
7.5 (3.1)
|
Binardat 10G08-0800GSM Network Switch Hard-coded RC4 E… |
Binardat Ltd. |
10G08-0800GSM Network Switch |
2026-02-24T15:07:10.410Z | 2026-02-24T15:07:10.410Z |
| CVE-2026-27518 |
5.1 (4.0)
4.3 (3.1)
|
Binardat 10G08-0800GSM Network Switch CSRF |
Binardat Ltd. |
10G08-0800GSM Network Switch |
2026-02-24T15:06:39.513Z | 2026-02-24T15:06:39.513Z |
| CVE-2026-27517 |
5.1 (4.0)
5.4 (3.1)
|
Binardat 10G08-0800GSM Network Switch XSS |
Binardat Ltd. |
10G08-0800GSM Network Switch |
2026-02-24T15:06:08.974Z | 2026-02-24T15:06:08.974Z |
| CVE-2026-27516 |
8.6 (4.0)
8.1 (3.1)
|
Binardat 10G08-0800GSM Network Switch Plaintext Passwo… |
Binardat Ltd. |
10G08-0800GSM Network Switch |
2026-02-24T15:05:12.384Z | 2026-02-24T15:05:12.384Z |
| ID | Severity | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-xjhv-v822-pf94 |
6.9 (4.0)
|
Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future | 2026-02-24T20:44:46Z | 2026-02-24T20:44:46Z |
| ghsa-5r3v-vc8m-m96g |
8.9 (4.0)
|
Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transport | 2026-02-24T20:39:08Z | 2026-02-24T20:39:08Z |
| ghsa-879p-475x-rqh2 |
6.9 (4.0)
|
Caddy is vulnerable to cross-origin config application via local admin API /load | 2026-02-24T20:37:35Z | 2026-02-24T20:37:35Z |
| ghsa-x76f-jf84-rqj8 |
7.7 (4.0)
|
Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth… | 2026-02-24T20:34:01Z | 2026-02-24T20:34:01Z |
| ghsa-g7pc-pc7g-h8jh |
7.7 (4.0)
|
Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth… | 2026-02-24T20:31:31Z | 2026-02-24T20:31:31Z |
| ghsa-hffm-g8v7-wrv7 |
8.8 (4.0)
|
Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed | 2026-02-24T20:22:53Z | 2026-02-24T20:22:53Z |
| ghsa-4xrr-hq4w-6vf4 |
6.9 (4.0)
|
Caddy: Improper sanitization of glob characters in file matcher may lead to bypassing security prot… | 2026-02-24T20:16:55Z | 2026-02-24T20:16:56Z |
| ghsa-m2cq-xjgm-f668 |
9.2 (4.0)
|
ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints | 2026-02-24T20:13:30Z | 2026-02-24T20:13:30Z |
| ghsa-hhfx-5x8j-f5f6 |
6.5 (3.1)
|
Payload: Server-Side Request Forgery (SSRF) in External File URL Uploads | 2026-02-24T20:10:32Z | 2026-02-24T20:10:32Z |
| ghsa-4894-xqv6-vrfq |
8.8 (3.1)
|
MindsDB: Path Traversal in /api/files Leading to Remote Code Execution | 2026-02-24T20:07:58Z | 2026-02-24T20:07:59Z |
| ghsa-vxg3-v4p6-f3fp |
6.9 (4.0)
|
Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause | 2026-02-24T20:03:23Z | 2026-02-24T20:03:23Z |
| ghsa-78qv-3mpx-9cqq |
6.1 (3.1)
8.6 (4.0)
|
NiceGUI vulnerable to XSS via Code Injection during client-side element function execution | 2026-02-24T19:56:18Z | 2026-02-24T19:56:18Z |
| ghsa-gfvx-3cf3-5x6x |
10.0 (4.0)
|
Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 exposes insecure .NET Remoti… | 2026-02-24T18:31:03Z | 2026-02-24T18:31:03Z |
| ghsa-8fr6-83vj-w7xh |
6.2 (4.0)
|
A vulnerability identified in the Trellix HX Agent driver file fekern.sys allowed a threat actor w… | 2026-02-24T18:31:03Z | 2026-02-24T18:31:03Z |
| ghsa-6xhx-53c5-f9qr |
6.6 (3.1)
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lin… | 2026-02-24T18:31:03Z | 2026-02-24T21:31:45Z |
| ghsa-xjw5-9f76-gvpv |
7.5 (3.1)
8.7 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-xfph-w5p7-mhh4 |
5.4 (3.1)
5.1 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-vrfc-p4p2-v8r2 |
|
Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authe… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-m84g-fpm8-mqg8 |
7.5 (3.1)
8.7 (4.0)
|
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user passwo… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-jj9w-3m27-jg69 |
8.1 (3.1)
8.6 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwor… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-hjg3-g5mq-q5qp |
8.6 (4.0)
|
Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances o… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-gvwq-qfp3-3pvf |
8.8 (3.1)
8.7 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command i… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-gmfh-mhfh-2g3q |
4.3 (3.1)
5.1 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protectio… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-9wv6-vw4x-jjg6 |
5.7 (4.0)
|
Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malic… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-7c8p-f6jq-w42v |
9.8 (3.1)
9.3 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded … | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-69fx-mvcm-v5g3 |
9.1 (3.1)
9.3 (4.0)
|
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictabl… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-4r4r-4jp4-wwf9 |
|
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Executi… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-3547-c34m-73j3 |
6.5 (3.1)
6.9 (4.0)
|
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement ra… | 2026-02-24T18:31:02Z | 2026-02-24T18:31:02Z |
| ghsa-qrvq-68c2-7grw |
5.9 (3.1)
|
nats-server websockets are vulnerable to pre-auth memory DoS | 2026-02-24T16:04:53Z | 2026-02-24T16:04:53Z |
| ghsa-9fww-8cpr-q66r |
6.1 (3.1)
|
Isso affected by Stored XSS via comment website field | 2026-02-24T16:03:04Z | 2026-02-24T16:03:04Z |
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2025-56 |
4.3 (3.1)
|
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up t… | octoprint | 2025-04-22T18:15:59+00:00 | 2025-06-27T17:22:53.513680+00:00 |
| pysec-2025-41 |
9.8 (3.1)
|
PyTorch is a Python package that provides tensor computation with strong GPU acceleration… | torch | 2025-04-18T16:15:23+00:00 | 2025-05-28T15:23:37.843138+00:00 |
| pysec-2025-35 |
7.5 (3.1)
|
Weblate is a web based localization tool. Prior to version 5.11, when creating a new comp… | weblate | 2025-04-15T21:16:04+00:00 | 2025-04-30T17:22:51.467257+00:00 |
| pysec-2025-32 |
9.8 (3.1)
|
BentoML is a Python library for building online serving systems optimized for AI apps and… | bentoml | 2025-04-09T16:15:25+00:00 | 2025-04-22T19:21:34.073355+00:00 |
| pysec-2025-36 |
9.8 (3.1)
|
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/valida… | langflow | 2025-04-07T15:15:44+00:00 | 2025-05-07T19:22:44.993642+00:00 |
| pysec-2025-16 |
7.5 (3.1)
|
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vu… | lnbits | 2025-04-06T20:15:15+00:00 | 2025-04-09T17:27:25.872691+00:00 |
| pysec-2025-14 |
|
An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normal… | django | 2025-04-02T13:15:44+00:00 | 2025-04-09T17:27:25.169049+00:00 |
| pysec-2025-48 |
9.8 (3.1)
|
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessm… | mobsf | 2025-03-31T17:15:42+00:00 | 2025-06-12T22:23:10.476087+00:00 |
| pysec-2025-17 |
5.5 (3.1)
|
In mlflow/mlflow version 2.18, an admin is able to create a new user account without sett… | mlflow | 2025-03-20T10:15:54+00:00 | 2025-04-09T17:27:26.322333+00:00 |
| pysec-2025-57 |
|
A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthent… | zenml | 2025-03-20T10:15:48+00:00 | 2025-06-27T17:22:55.175431+00:00 |
| pysec-2025-10 |
9.1 (3.1)
|
A vulnerability in the `download_model` function of the onnx/onnx framework, before and i… | onnx | 2025-03-20T10:15:37+00:00 | 2025-03-26T19:21:38.843396+00:00 |
| pysec-2025-11 |
5.9 (3.1)
|
A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index reposi… | llama-index | 2025-03-20T10:15:31+00:00 | 2025-04-01T23:22:47.294256+00:00 |
| pysec-2025-9 |
|
A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through… | invokeai | 2025-03-20T10:15:26+00:00 | 2025-03-20T11:21:37.872971+00:00 |
| pysec-2025-63 |
|
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Whe… | vllm | 2025-03-19T16:15:32+00:00 | 2025-07-01T23:22:49.176005+00:00 |
| pysec-2025-8 |
|
The `pygments-style-solarized` project was removed from PyPI by its owner on 2021-08-26. … | pygments-style-solarized | 2025-03-17T16:35:37+00:00 | |
| pysec-2025-22 |
9.8 (3.1)
|
A vulnerability, that could result in Remote Code Execution (RCE), has been found in Plot… | plotai | 2025-03-10T14:15:24+00:00 | 2025-04-09T17:27:27.203714+00:00 |
| pysec-2025-21 |
9.8 (3.1)
|
picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model arch… | picklescan | 2025-03-10T12:15:12+00:00 | 2025-04-09T17:27:27.016747+00:00 |
| pysec-2025-20 |
6.5 (3.1)
|
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes i… | picklescan | 2025-03-10T12:15:10+00:00 | 2025-04-09T17:27:26.966215+00:00 |
| pysec-2025-13 |
|
An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2… | django | 2025-03-06T19:15:27+00:00 | 2025-04-09T17:27:25.095679+00:00 |
| pysec-2025-23 |
|
Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Inform… | ray | 2025-03-06T05:15:16+00:00 | 2025-04-09T17:27:27.434099+00:00 |
| pysec-2025-19 |
9.8 (3.1)
|
picklescan before 0.0.22 only considers standard pickle file extensions in the scope for … | picklescan | 2025-03-03T19:15:34+00:00 | 2025-04-09T17:27:26.916350+00:00 |
| pysec-2025-25 |
6.5 (3.1)
|
Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middle… | rembg | 2025-03-03T17:15:14+00:00 | 2025-04-09T17:27:27.532849+00:00 |
| pysec-2025-24 |
7.5 (3.1)
|
Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove… | rembg | 2025-03-03T17:15:14+00:00 | 2025-04-09T17:27:27.486485+00:00 |
| pysec-2025-15 |
5.3 (3.1)
|
Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilde… | flask-appbuilder | 2025-03-03T16:15:41+00:00 | 2025-04-09T17:27:25.227116+00:00 |
| pysec-2025-66 |
|
Improper privilege management in a REST interface allowed registered users to access unau… | streampipes | 2025-03-03T11:15:11+00:00 | 2025-07-08T15:23:46.628375+00:00 |
| pysec-2025-7 |
|
Published in 2021, the imblog package is a Python library that scrapes data from a blog p… | imblog | 2025-02-26T21:19:19+00:00 | |
| pysec-2025-6 |
|
Published in 2021, the colabrun package is a Python library that exfiltrates user cookies… | colabrun | 2025-02-26T20:59:48+00:00 | |
| pysec-2025-5 |
|
Published in 2020, the autodzee package is a Python library that bypasses Deezer API rest… | browsercmdhbt2 | 2025-02-26T20:57:11+00:00 | |
| pysec-2025-3 |
|
Published in 2019, the autodzee package is a Python library that bypasses Deezer API rest… | autodzee | 2025-02-26T20:54:20+00:00 | |
| pysec-2025-4 |
|
Published in 2019, the automslc package is a Python library that bypasses Deezer API rest… | automslc | 2025-02-26T19:26:49+00:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2026-997 | Malicious code in npm-security-testing (npm) | 2026-02-23T02:20:31Z | 2026-02-23T04:21:34Z |
| mal-2026-998 | Malicious code in rbxm-tools (npm) | 2026-02-23T02:14:37Z | 2026-02-23T04:21:35Z |
| mal-2026-986 | Malicious code in en-thrift-internal (npm) | 2026-02-22T21:50:01Z | 2026-02-23T04:21:32Z |
| mal-2026-985 | Malicious code in conduit-utils (npm) | 2026-02-22T20:45:43Z | 2026-02-23T04:21:32Z |
| mal-2026-994 | Malicious code in vl-ui-code-preview (npm) | 2026-02-22T20:44:05Z | 2026-02-23T04:21:36Z |
| mal-2026-995 | Malicious code in vl-ui-contact-card (npm) | 2026-02-22T20:34:24Z | 2026-02-23T04:21:36Z |
| mal-2026-988 | Malicious code in vl-ui-action-group (npm) | 2026-02-22T20:34:16Z | 2026-02-23T04:21:36Z |
| mal-2026-992 | Malicious code in vl-ui-button (npm) | 2026-02-22T20:34:14Z | 2026-02-23T04:21:36Z |
| mal-2026-991 | Malicious code in vl-ui-breadcrumb (npm) | 2026-02-22T20:34:10Z | 2026-02-23T04:21:36Z |
| mal-2026-990 | Malicious code in vl-ui-body (npm) | 2026-02-22T20:34:10Z | 2026-02-23T04:21:36Z |
| mal-2026-993 | Malicious code in vl-ui-checkbox (npm) | 2026-02-22T20:34:08Z | 2026-02-23T04:21:36Z |
| mal-2026-987 | Malicious code in vl-ui-accessibility (npm) | 2026-02-22T20:10:05Z | 2026-02-23T04:21:36Z |
| mal-2026-989 | Malicious code in vl-ui-alert (npm) | 2026-02-22T19:59:59Z | 2026-02-23T04:21:36Z |
| mal-2026-984 | Malicious code in myasicapi (PyPI) | 2026-02-22T19:42:08Z | 2026-02-22T19:42:08Z |
| mal-2026-983 | Malicious code in tensorflow-opt (PyPI) | 2026-02-22T16:53:45Z | 2026-02-22T16:53:45Z |
| mal-2026-982 | Malicious code in trunket-dev-driver (PyPI) | 2026-02-22T14:51:28Z | 2026-02-22T14:51:28Z |
| mal-2026-981 | Malicious code in dt-fe-t2d-marketplace (npm) | 2026-02-22T07:22:23Z | 2026-02-23T04:21:32Z |
| mal-2026-980 | Malicious code in the-storyverse (npm) | 2026-02-22T06:15:43Z | 2026-02-23T04:21:36Z |
| mal-2026-979 | Malicious code in home-robot (PyPI) | 2026-02-22T04:48:51Z | 2026-02-22T04:48:51Z |
| mal-2026-978 | Malicious code in microsoft-cms-client (npm) | 2026-02-21T17:38:28Z | 2026-02-23T04:21:34Z |
| mal-2026-977 | Malicious code in airbnb-identity (PyPI) | 2026-02-20T19:56:56Z | 2026-02-20T19:56:56Z |
| mal-2026-975 | Malicious code in azure-postgresql-auth (npm) | 2026-02-20T17:55:01Z | 2026-02-23T04:21:31Z |
| mal-2026-976 | Malicious code in rollup-plugin-polyfill-swc (npm) | 2026-02-20T17:35:46Z | 2026-02-23T04:21:35Z |
| mal-2026-967 | Malicious code in parse-compat (npm) | 2026-02-20T16:59:56Z | 2026-02-23T04:21:35Z |
| mal-2026-972 | Malicious code in uudi (npm) | 2026-02-20T16:59:55Z | 2026-02-23T04:21:36Z |
| mal-2026-969 | Malicious code in scan-store (npm) | 2026-02-20T16:59:55Z | 2026-02-23T04:21:35Z |
| mal-2026-964 | Malicious code in naniod (npm) | 2026-02-20T16:59:55Z | 2026-02-23T04:21:34Z |
| mal-2026-963 | Malicious code in locale-loader-pro (npm) | 2026-02-20T16:59:55Z | 2026-02-23T04:21:34Z |
| mal-2026-957 | Malicious code in detect-cache (npm) | 2026-02-20T16:59:55Z | 2026-02-23T04:21:32Z |
| mal-2026-955 | Malicious code in crypto-locale (npm) | 2026-02-20T16:59:55Z | 2026-02-23T04:21:32Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| bit-postgresql-2026-2005 | PostgreSQL pgcrypto heap buffer overflow executes arbitrary code | 2026-02-16T16:03:36.943Z | 2026-02-16T16:32:40.318Z |
| bit-postgresql-2026-2004 | PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code | 2026-02-16T16:03:32.935Z | 2026-02-16T16:32:40.318Z |
| bit-postgresql-2026-2003 | PostgreSQL oidvector discloses a few bytes of memory | 2026-02-16T16:03:27.354Z | 2026-02-16T16:32:40.318Z |
| bit-pillow-2026-25990 | Pillow has an out-of-bounds write when loading PSD images | 2026-02-16T16:02:06.871Z | 2026-02-16T16:32:40.318Z |
| bit-pip-2026-1703 | Limited path traversal when installing wheel archives | 2026-02-16T15:59:06.080Z | 2026-02-16T16:32:40.318Z |
| bit-dotnet-2026-21218 | .NET Spoofing Vulnerability | 2026-02-16T15:58:16.593Z | 2026-02-16T16:32:40.318Z |
| bit-moodle-2025-67857 | Moodle: moodle: data exposure of user identifiers in urls | 2026-02-12T08:51:13.591Z | 2026-02-12T09:10:24.600Z |
| bit-moodle-2025-67856 | Moodle: moodle: privilege escalation via incomplete role checks in badge awarding | 2026-02-12T08:51:12.105Z | 2026-02-12T09:10:24.600Z |
| bit-moodle-2025-67855 | Mooodle: mooodle: information disclosure and script execution via reflected cross-site scripting | 2026-02-12T08:51:10.563Z | 2026-02-12T09:10:24.600Z |
| bit-moodle-2025-67853 | Moodle: moodle: brute-force facilitation due to missing rate limiting in confirmation email service | 2026-02-12T08:51:08.996Z | 2026-02-12T09:10:24.600Z |
| bit-moodle-2025-67852 | Moodle: moodle: open redirect vulnerability in oauth login flow allows redirection to malicious sites. | 2026-02-12T08:51:07.525Z | 2026-02-12T09:10:24.600Z |
| bit-moodle-2025-67851 | Moodle: moodle: formula injection allows arbitrary formula execution via unescaped data export | 2026-02-12T08:51:05.950Z | 2026-02-12T09:10:24.600Z |
| bit-moodle-2025-67850 | Moodle: moodle: cross-site scripting vulnerability via inadequate input filtering in formula editor | 2026-02-12T08:51:04.289Z | 2026-02-12T09:10:24.600Z |
| bit-moodle-2025-67849 | Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses | 2026-02-12T08:51:02.532Z | 2026-02-12T09:10:24.600Z |
| bit-moodle-2025-67848 | Moodle: moodle: authentication bypass via lti provider allows suspended users to gain unauthorized access. | 2026-02-12T08:51:00.880Z | 2026-02-12T09:10:24.600Z |
| bit-airflow-2026-24098 | Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors | 2026-02-12T08:39:03.920Z | 2026-02-12T09:10:24.600Z |
| bit-airflow-2026-22922 | Apache Airflow: Airflow externalLogUrl Permission Bypass | 2026-02-12T08:39:02.281Z | 2026-02-12T09:10:24.600Z |
| bit-nginx-2026-1642 | 2026-02-10T18:00:00.000Z | 2026-02-10T18:00:00.000Z | |
| bit-golang-2025-68121 | Unexpected session resumption in crypto/tls | 2026-02-10T10:05:16.474Z | 2026-02-11T09:09:18.507Z |
| bit-prestashop-2026-25597 | PrestaShop has a time based enumeration in FO login form | 2026-02-10T10:02:58.336Z | 2026-02-10T10:34:11.934Z |
| bit-golang-2025-61732 | Potential code smuggling via doc comments in cmd/cgo | 2026-02-10T08:48:31.170Z | 2026-02-10T09:16:50.296Z |
| bit-checkov-2021-3040 | Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution | 2026-02-09T11:36:28.864Z | 2026-02-09T12:10:11.303Z |
| bit-checkov-2021-3035 | Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution | 2026-02-09T11:36:27.254Z | 2026-02-09T12:10:11.303Z |
| bit-mastodon-2026-25540 | Mastodon's signature-dependent ActivityPub collection responses cached under signature-independent keys (Web Cache Poisoning via `Rails.cache`) | 2026-02-06T08:46:33.665Z | 2026-02-06T09:20:48.186Z |
| bit-golang-2025-22873 | Improper access to parent directory of root in os | 2026-02-06T08:45:38.334Z | 2026-02-06T09:20:48.186Z |
| bit-gitlab-2026-1751 | Missing Authorization in GitLab | 2026-02-05T09:09:05.467Z | 2026-02-05T09:10:30.960Z |
| bit-django-2026-1312 | Potential SQL injection via QuerySet.order_by and FilteredRelation | 2026-02-05T08:38:43.002Z | 2026-02-05T09:10:30.960Z |
| bit-django-2026-1287 | Potential SQL injection in column aliases via control characters | 2026-02-05T08:38:41.246Z | 2026-02-05T09:10:30.960Z |
| bit-django-2026-1285 | Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods | 2026-02-05T08:38:39.228Z | 2026-02-05T09:10:30.960Z |
| bit-django-2026-1207 | Potential SQL injection via raster lookups on PostGIS | 2026-02-05T08:38:37.158Z | 2026-02-05T09:10:30.960Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| cleanstart-2026-jn44153 | Security fixes for GHSA-f6x5-jh6r-wrfv, GHSA-gx3x-vq4p-mhhv, GHSA-j5w8-q4qc-rx2x applied in versions: 1.18.0-r0, 1.19.0-r1 | 2026-02-06T00:39:29.662228Z | 2026-02-05T12:20:16Z |
| cleanstart-2026-bz58799 | Within HostnameError | 2026-02-06T00:39:29.590361Z | 2026-02-05T12:20:16Z |
| cleanstart-2026-xr99875 | Security fixes for GHSA-389x-839f-4rhx, GHSA-3p8m-j85q-pgmj, GHSA-5jpm-x58v-624v, GHSA-84h7-rjj3-6jx4, GHSA-fghv-69vj-qj49, GHSA-jq43-27x9-3v86, GHSA-qqpg-mvqg-649v applied in versions: 0.1.109-r0, 0.1.113-r1 | 2026-02-03T16:02:30.597873Z | 2026-02-03T11:13:56Z |
| cleanstart-2026-fc21713 | Cancelling a query (e | 2026-02-03T16:02:29.570272Z | 2026-02-03T11:13:56Z |
| cleanstart-2026-my73913 | Security fixes for GHSA-r6j8-c6r2-37rr applied in versions: 4.12.1-r0 | 2026-02-03T16:02:28.659120Z | 2026-02-03T11:13:56Z |
| cleanstart-2026-nb26505 | Security fixes for GHSA-f6x5-jh6r-wrfv, GHSA-j5w8-q4qc-rx2x applied in versions: 4.5.1-r0 | 2026-02-03T16:02:27.744077Z | 2026-02-03T11:13:56Z |
| cleanstart-2026-am95501 | When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11 | 2026-02-03T00:37:00.849369Z | 2026-02-02T12:32:10Z |
| cleanstart-2026-cc08655 | Security fixes for GHSA-f6x5-jh6r-wrfv, GHSA-j5w8-q4qc-rx2x applied in versions: 0.8.4-r0 | 2026-02-03T00:36:29.405423Z | 2026-02-02T12:32:10Z |
| cleanstart-2026-wi17406 | Redis is an open source, in-memory database that persists on disk | 2026-01-30T17:35:28.375848Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-yt18139 | issue was discovered in libexpat before 2 | 2026-01-30T17:26:57.202658Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-pb78859 | ParseAddress function constructs domain-literal address components through repeated string concatenation | 2026-01-30T17:25:56.763674Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-hj04971 | vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT | 2026-01-30T17:21:56.808972Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-hf39630 | potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf | 2026-01-30T17:20:56.632450Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-nf19624 | ParseAddress function constructs domain-literal address components through repeated string concatenation | 2026-01-30T17:20:26.466437Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-ht23337 | flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm | 2026-01-30T17:15:56.746125Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-zz61324 | Hunspell 1 | 2026-01-30T17:14:26.562334Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-zc18474 | PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access | 2026-01-30T17:04:56.559720Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-yb44027 | Moby is an open-source project created by Docker for software containerization | 2026-01-30T17:04:26.396860Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-dn29911 | attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing | 2026-01-30T16:57:26.436107Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-hl71566 | excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate | 2026-01-30T16:50:56.129322Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-tk38210 | Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate | 2026-01-30T16:46:25.995358Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-sb25660 | net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines | 2026-01-30T16:44:27.197226Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-pz62650 | Cancelling a query (e | 2026-01-30T16:41:55.453512Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-lz10721 | Within HostnameError | 2026-01-30T16:40:55.517816Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-hj34439 | Go before 1 | 2026-01-30T16:39:55.415446Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-iy17697 | excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate | 2026-01-30T16:37:55.497960Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-oj15484 | SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process | 2026-01-30T16:37:55.388839Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-on38469 | Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate | 2026-01-30T16:37:25.667594Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-qd78411 | SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process | 2026-01-30T16:36:25.408698Z | 2026-01-29T18:58:54Z |
| cleanstart-2026-vv68546 | Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate | 2026-01-30T16:35:55.883570Z | 2026-01-29T18:58:54Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| drupal-contrib-2025-106 | 2025-09-24T17:16:20.000Z | 2025-09-24T17:16:20.000Z | |
| drupal-contrib-2025-105 | 2025-09-03T16:15:48.000Z | 2025-09-03T16:15:48.000Z | |
| drupal-contrib-2025-104 | 2025-08-27T17:20:41.000Z | 2025-08-27T17:20:41.000Z | |
| drupal-contrib-2025-103 | 2025-08-27T17:20:16.000Z | 2025-08-27T17:20:16.000Z | |
| drupal-contrib-2025-102 | 2025-08-27T17:20:11.000Z | 2025-08-27T17:20:11.000Z | |
| drupal-contrib-2025-101 | 2025-08-27T17:19:59.000Z | 2025-09-03T18:55:46.000Z | |
| drupal-contrib-2025-100 | 2025-08-27T17:19:45.000Z | 2025-08-27T17:23:11.000Z | |
| drupal-contrib-2025-099 | 2025-08-27T17:19:24.000Z | 2025-08-27T17:19:24.000Z | |
| drupal-contrib-2025-098 | 2025-08-27T17:19:14.000Z | 2025-08-27T17:19:14.000Z | |
| drupal-contrib-2025-097 | 2025-08-13T17:33:34.000Z | 2025-09-03T18:53:10.000Z | |
| drupal-contrib-2025-096 | 2025-08-13T17:33:24.000Z | 2025-08-13T20:10:05.000Z | |
| drupal-contrib-2025-095 | 2025-08-06T16:50:43.000Z | 2025-08-06T16:50:43.000Z | |
| drupal-contrib-2025-094 | 2025-07-30T16:31:23.000Z | 2025-07-30T16:31:23.000Z | |
| drupal-contrib-2025-093 | 2025-07-30T16:30:44.000Z | 2025-07-30T16:30:44.000Z | |
| drupal-contrib-2025-092 | 2025-07-23T17:10:19.000Z | 2025-07-23T17:10:19.000Z | |
| drupal-contrib-2025-091 | 2025-07-16T16:46:49.000Z | 2025-07-17T14:42:36.000Z | |
| drupal-contrib-2025-090 | 2025-07-16T16:46:26.000Z | 2025-07-16T16:46:26.000Z | |
| drupal-contrib-2025-089 | 2025-07-16T16:46:08.000Z | 2025-07-16T16:46:08.000Z | |
| drupal-contrib-2025-088 | 2025-07-09T16:37:40.000Z | 2025-11-22T09:22:47.000Z | |
| drupal-contrib-2025-087 | 2025-07-09T16:37:27.000Z | 2025-07-09T16:37:27.000Z | |
| drupal-contrib-2025-086 | 2025-07-02T17:37:13.000Z | 2025-07-02T17:37:13.000Z | |
| drupal-contrib-2025-085 | 2025-07-02T17:37:03.000Z | 2025-07-02T17:37:03.000Z | |
| drupal-contrib-2025-084 | 2025-06-25T18:43:00.000Z | 2025-06-25T18:43:00.000Z | |
| drupal-contrib-2025-083 | 2025-06-25T18:42:38.000Z | 2025-06-25T18:42:38.000Z | |
| drupal-contrib-2025-082 | 2025-06-25T18:42:17.000Z | 2025-06-25T18:42:17.000Z | |
| drupal-contrib-2025-081 | 2025-06-25T18:42:06.000Z | 2025-06-26T18:17:29.000Z | |
| drupal-contrib-2025-080 | 2025-06-25T18:41:56.000Z | 2025-06-25T18:41:56.000Z | |
| drupal-contrib-2025-079 | 2025-06-25T18:41:34.000Z | 2025-06-25T18:41:34.000Z | |
| drupal-contrib-2025-078 | 2025-06-25T18:41:20.000Z | 2025-06-25T18:41:20.000Z | |
| drupal-contrib-2025-077 | 2025-06-25T18:41:06.000Z | 2025-06-25T18:41:06.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2026-000010 | Command injection vulnerability in ASUS routers | 2026-01-23T15:22+09:00 | 2026-01-23T15:22+09:00 |
| jvndb-2026-001663 | "iRMC S5/S6" implemented in PRIMERGY vulnerable to incorrect authorization | 2026-01-23T11:29+09:00 | 2026-01-23T11:29+09:00 |
| jvndb-2026-001662 | Multiple vulnerabilities in Trend Micro Apex Central (January 2026) | 2026-01-23T11:29+09:00 | 2026-01-23T11:29+09:00 |
| jvndb-2026-000009 | Installer of Fujitsu ServerView Agents for Windows may insecurely load Dynamic Link Libraries | 2026-01-21T15:17+09:00 | 2026-01-21T15:17+09:00 |
| jvndb-2026-000008 | Ruijie Networks AP180 series vulnerable to OS command injection | 2026-01-21T15:17+09:00 | 2026-01-21T15:17+09:00 |
| jvndb-2026-001582 | Security information for Hitachi Disk Array Systems | 2026-01-21T12:11+09:00 | 2026-01-21T12:11+09:00 |
| jvndb-2026-001578 | ETERNUS SF vulnerable to insertion of sensitive information into maintenance data | 2026-01-20T20:00+09:00 | 2026-01-20T20:00+09:00 |
| jvndb-2026-001380 | Multiple vulnerabilities in Canon Small Office Multifunction Printers and Laser Printers | 2026-01-19T10:08+09:00 | 2026-01-19T10:08+09:00 |
| jvndb-2026-000007 | Multiple Vulnerabilities in TOA Network Cameras TRIFORA 3 series | 2026-01-16T15:06+09:00 | 2026-01-16T15:06+09:00 |
| jvndb-2026-000006 | Chainlit vulnerable to improper access restriction | 2026-01-14T17:03+09:00 | 2026-01-14T17:03+09:00 |
| jvndb-2026-000005 | Multiple vulnerabilities in EATON UPS Companion | 2026-01-13T19:01+09:00 | 2026-01-13T19:01+09:00 |
| jvndb-2026-000003 | RICOH Streamline NX vulnerable to improper authorization | 2026-01-09T18:17+09:00 | 2026-01-09T18:17+09:00 |
| jvndb-2026-000004 | The installers for multiple PIONEER products may insecurely load Dynamic Link Libraries | 2026-01-08T13:47+09:00 | 2026-01-08T13:47+09:00 |
| jvndb-2026-000001 | Origin validation error vulnerability in Fujitsu Security Solution AuthConductor Client Basic V2 | 2026-01-07T14:19+09:00 | 2026-01-07T14:19+09:00 |
| jvndb-2026-000002 | Multiple vulnerabilities in multiple NEC branded projectors manufactured by Sharp Display Solutions, Ltd. | 2026-01-07T14:10+09:00 | 2026-01-14T16:54+09:00 |
| jvndb-2026-001001 | Authentication bypass vulnerability in OpenBlocks series | 2026-01-07T10:46+09:00 | 2026-01-07T10:46+09:00 |
| jvndb-2025-022878 | Media Player MP-01 vulnerable to Missing Authentication for Critical Function | 2025-12-24T11:10+09:00 | 2026-01-15T11:10+09:00 |
| jvndb-2025-022400 | Ruijie Networks AP180 Series vulnerable to OS command injection | 2025-12-19T12:33+09:00 | 2025-12-19T12:33+09:00 |
| jvndb-2025-000118 | GROWI vulnerable to cross-site request forgery | 2025-12-17T13:04+09:00 | 2025-12-17T13:04+09:00 |
| jvndb-2025-022062 | Multiple vulnerabilities in CHOCO TEI WATCHER mini | 2025-12-17T11:28+09:00 | 2025-12-17T11:28+09:00 |
| jvndb-2025-000117 | SEIKO EPSON printer Web Config vulnerable to stack-based buffer overflow | 2025-12-16T15:31+09:00 | 2025-12-23T11:57+09:00 |
| jvndb-2025-000115 | QND vulnerable to privilege escalation | 2025-12-11T14:33+09:00 | 2025-12-11T14:33+09:00 |
| jvndb-2025-021305 | Android App "Brother iPrint&Scan" improper use of an external cache directory | 2025-12-09T17:25+09:00 | 2025-12-09T17:25+09:00 |
| jvndb-2025-000114 | ELECOM Clone for Windows registers a Windows service with an unquoted file path | 2025-12-09T17:16+09:00 | 2025-12-09T17:16+09:00 |
| jvndb-2025-000113 | Multiple vulnerabilities in GroupSession | 2025-12-08T17:48+09:00 | 2025-12-11T11:30+09:00 |
| jvndb-2025-000116 | GS Yuasa FULLBACK Manager Pro registers Windows services with unquoted file paths | 2025-12-08T14:06+09:00 | 2025-12-08T14:06+09:00 |
| jvndb-2025-000094 | Multiple vulnerabilities in ABB Terra AC Wallbox | 2025-12-05T14:12+09:00 | 2025-12-05T14:12+09:00 |
| jvndb-2025-000112 | Installer of INZONE Hub may insecurely load Dynamic Link Libraries | 2025-11-28T13:36+09:00 | 2025-11-28T13:36+09:00 |
| jvndb-2025-000111 | SwitchBot Smart Video Doorbell vulnerable to active debug code | 2025-11-26T14:35+09:00 | 2025-11-26T14:35+09:00 |
| jvndb-2025-000110 | Multiple vulnerabilities in Security Point (Windows) of MaLion | 2025-11-25T17:17+09:00 | 2025-11-25T17:17+09:00 |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| cnvd-2026-10661 | IBM Concert信息泄露漏洞(CNVD-2026-10661) | 2026-01-30 | 2026-02-10 |
| cnvd-2026-10656 | IBM ApplinX跨站请求伪造漏洞(CNVD-2026-10656) | 2026-01-30 | 2026-02-10 |
| cnvd-2026-10655 | IBM ApplinX跨站脚本漏洞 | 2026-01-30 | 2026-02-10 |
| cnvd-2026-10654 | IBM ApplinX未授权访问漏洞 | 2026-01-30 | 2026-02-10 |
| cnvd-2026-10653 | IBM ApplinX信息泄露漏洞(CNVD-2026-10653) | 2026-01-30 | 2026-02-10 |
| cnvd-2026-10638 | Tenda AX1803缓冲区溢出漏洞(CNVD-2026-10638) | 2026-01-30 | 2026-02-09 |
| cnvd-2026-10318 | Tenda AX1806 fromSetSysTime函数堆栈溢出漏洞 | 2026-01-30 | 2026-02-05 |
| cnvd-2026-10317 | Oracle MySQL Server存在未明漏洞(CNVD-2026-10317) | 2026-01-30 | 2026-02-05 |
| cnvd-2026-10316 | Tenda AX1806 deviceList参数堆栈溢出漏洞 | 2026-01-30 | 2026-02-05 |
| cnvd-2026-10313 | Oracle MySQL Server存在未明漏洞(CNVD-2026-10313) | 2026-01-30 | 2026-02-05 |
| cnvd-2026-10312 | Oracle MySQL Server存在未明漏洞(CNVD-2026-10312) | 2026-01-30 | 2026-02-05 |
| cnvd-2026-09811 | OpenEMR未授权访问漏洞 | 2026-01-30 | 2026-01-30 |
| cnvd-2026-09793 | Apache Solr输入验证错误漏洞 | 2026-01-30 | 2026-01-30 |
| cnvd-2026-09792 | Apache Linkis信息泄露漏洞(CNVD-2026-09792) | 2026-01-30 | 2026-01-30 |
| cnvd-2026-09791 | Apache Linkis授权问题漏洞 | 2026-01-30 | 2026-01-30 |
| cnvd-2026-09790 | Apache Airflow信息泄露漏洞 | 2026-01-30 | 2026-01-30 |
| cnvd-2026-09789 | Apache Hadoop HDFS越界写入漏洞 | 2026-01-30 | 2026-01-30 |
| cnvd-2026-09634 | MedDream PACS Premium notifynewstudy功能跨站脚本漏洞 | 2026-01-30 | 2026-02-04 |
| cnvd-2026-09633 | MedDream PACS Premium modifyTranscript功能跨站脚本漏洞 | 2026-01-30 | 2026-02-04 |
| cnvd-2026-09632 | MedDream PACS Premium modifyRoute功能跨站脚本漏洞 | 2026-01-30 | 2026-02-04 |
| cnvd-2026-09631 | MedDream PACS Premium modifyHL7Route功能跨站脚本漏洞 | 2026-01-30 | 2026-02-04 |
| cnvd-2026-09630 | MedDream PACS Premium modifyHL7App功能跨站脚本漏洞 | 2026-01-30 | 2026-02-03 |
| cnvd-2026-09629 | MedDream PACS Premium modifyEmail功能跨站脚本漏洞 | 2026-01-30 | 2026-02-04 |
| cnvd-2026-09628 | MedDream PACS Premium modifyCoercion功能跨站脚本漏洞 | 2026-01-30 | 2026-02-04 |
| cnvd-2026-09627 | MedDream PACS Premium modifyAutopurgeFilter功能跨站脚本漏洞 | 2026-01-30 | 2026-02-04 |
| cnvd-2026-09626 | MedDream PACS Premium modifyAeTitle功能跨站脚本漏洞 | 2026-01-30 | 2026-02-04 |
| cnvd-2026-09625 | MedDream PACS Premium ldapUser功能跨站脚本漏洞 | 2026-01-30 | 2026-02-04 |
| cnvd-2026-09624 | MedDream PACS Premium fetchPriorStudies功能跨站脚本漏洞 | 2026-01-30 | 2026-02-04 |
| cnvd-2026-09623 | MedDream PACS Premium existingUser功能跨站脚本漏洞 | 2026-01-30 | 2026-02-03 |
| cnvd-2026-09622 | MedDream PACS Premium encapsulatedDoc功能跨站脚本漏洞 | 2026-01-30 | 2026-02-03 |
| ID | Description | Published | Updated |
|---|---|---|---|
| bdu:2026-01814 | Уязвимость программного обеспечения Microsoft ACI Confidential Containers, связанная с хр… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01813 | Уязвимость программного обеспечения Azure IoT Explorer, связанная с привязкой к открытым … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01812 | Уязвимость почтового сервера Microsoft Exchange Server, связанная с ошибками представлени… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01811 | Уязвимость службы аналитики данных Azure HDInsights, связанная с непринятием мер по защит… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01810 | Уязвимость редактора электронных таблиц Microsoft Excel пакетов программ Microsoft Office… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01809 | Уязвимость службы хранилища данных Windows Storage Services операционных систем Windows, … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01808 | Уязвимость реализации протокола NTLM операционных систем Windows, позволяющая нарушителю … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01807 | Уязвимость системы аппаратной виртуализации Hyper-V операционной системы Windows, позволя… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01806 | Уязвимость механизма CCF (Cluster Client Failover) операционных систем Windows, позволяющ… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01805 | Уязвимость драйвера HTTP.sys операционных систем Windows, позволяющая нарушителю повысить… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01804 | Уязвимость ядра операционных систем Windows, позволяющая нарушителю повысить свои привилегии | 16.02.2026 | 16.02.2026 |
| bdu:2026-01803 | Уязвимость драйвера WinSock операционных систем Windows, позволяющая нарушителю повысить … | 16.02.2026 | 16.02.2026 |
| bdu:2026-01802 | Уязвимость ядра операционных систем Windows, позволяющая нарушителю повысить свои привилегии | 16.02.2026 | 16.02.2026 |
| bdu:2026-01801 | Уязвимость драйвера HTTP.sys операционных систем Windows, позволяющая нарушителю повысить… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01800 | Уязвимость ядра операционных систем Windows, позволяющая нарушителю повысить свои привилегии | 16.02.2026 | 16.02.2026 |
| bdu:2026-01799 | Уязвимость ядра операционных систем Windows, позволяющая нарушителю раскрыть защищаемую и… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01798 | Уязвимость программы для шифрования информации и создания электронных цифровых подписей G… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01797 | Уязвимость функции _bfd_elf_slurp_version_tables() компонента bfd/elf.c программного сред… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01796 | Уязвимость компонента libbfd.c программного средства разработки GNU Binutils, позволяющая… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01795 | Уязвимость программного средства управления конечными точками Ivanti Endpoint Manager, св… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01794 | Уязвимость функции usbg_make_tpg() модуля drivers/usb/gadget/function/f_tcm.c драйвера га… | 16.02.2026 | 16.02.2026 |
| bdu:2026-01792 | Уязвимость программного средства локальной инфраструктуры Azure Local, связанная с ошибка… | 13.02.2026 | 16.02.2026 |
| bdu:2026-01791 | Уязвимость средства разработки программного обеспечения Microsoft Visual Studio, связанна… | 13.02.2026 | 13.02.2026 |
| bdu:2026-01790 | Уязвимость Защитника Microsoft (Microsoft Defender for Endpoint) операционных систем Linu… | 13.02.2026 | 13.02.2026 |
| bdu:2026-01789 | Уязвимость редактора исходного кода Microsoft Visual Studio Code, связанная с ошибками си… | 13.02.2026 | 13.02.2026 |
| bdu:2026-01788 | Уязвимость сервиса Azure AI Language Authoring, связанная с недостатками механизма десери… | 13.02.2026 | 13.02.2026 |
| bdu:2026-01787 | Уязвимость средства разработки программного обеспечения Microsoft Visual Studio, связанна… | 13.02.2026 | 13.02.2026 |
| bdu:2026-01786 | Уязвимость компонента Windows Installer приложения Windows App, позволяющая нарушителю по… | 13.02.2026 | 13.02.2026 |
| bdu:2026-01785 | Уязвимость редактора исходного кода Microsoft Visual Studio Code, связанная с непринятием… | 13.02.2026 | 13.02.2026 |
| bdu:2026-01784 | Уязвимость средства разработки программного обеспечения Azure DevOps Server, связанная с … | 13.02.2026 | 13.02.2026 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2026-avi-0173 | Multiples vulnérabilités dans les produits Mattermost | 2026-02-16T00:00:00.000000 | 2026-02-16T00:00:00.000000 |
| certfr-2026-avi-0172 | Vulnérabilité dans Google Chrome | 2026-02-16T00:00:00.000000 | 2026-02-16T00:00:00.000000 |
| certfr-2026-avi-0171 | Multiples vulnérabilités dans les produits IBM | 2026-02-13T00:00:00.000000 | 2026-02-13T00:00:00.000000 |
| certfr-2026-avi-0170 | Multiples vulnérabilités dans le noyau Linux de SUSE | 2026-02-13T00:00:00.000000 | 2026-02-13T00:00:00.000000 |
| certfr-2026-avi-0169 | Multiples vulnérabilités dans le noyau Linux d'Ubuntu | 2026-02-13T00:00:00.000000 | 2026-02-13T00:00:00.000000 |
| certfr-2026-avi-0168 | Multiples vulnérabilités dans le noyau Linux de Red Hat | 2026-02-13T00:00:00.000000 | 2026-02-13T00:00:00.000000 |
| certfr-2026-avi-0167 | Multiples vulnérabilités dans le noyau Linux de Debian LTS | 2026-02-13T00:00:00.000000 | 2026-02-13T00:00:00.000000 |
| certfr-2026-avi-0166 | Multiples vulnérabilités dans le noyau Linux de Debian | 2026-02-13T00:00:00.000000 | 2026-02-13T00:00:00.000000 |
| certfr-2026-avi-0165 | Vulnérabilité dans Mattermost Server | 2026-02-13T00:00:00.000000 | 2026-02-13T00:00:00.000000 |
| certfr-2026-avi-0164 | Multiples vulnérabilités dans PostgreSQL | 2026-02-13T00:00:00.000000 | 2026-02-13T00:00:00.000000 |
| certfr-2026-avi-0163 | Multiples vulnérabilités dans HAProxy | 2026-02-13T00:00:00.000000 | 2026-02-13T00:00:00.000000 |
| certfr-2026-avi-0162 | Multiples vulnérabilités dans Juniper Networks Secure Analytics | 2026-02-13T00:00:00.000000 | 2026-02-13T00:00:00.000000 |
| certfr-2026-avi-0161 | Vulnérabilité dans Tenable Nessus Agent | 2026-02-13T00:00:00.000000 | 2026-02-13T00:00:00.000000 |
| certfr-2026-avi-0160 | Multiples vulnérabilités dans les produits Palo Alto Networks | 2026-02-12T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| certfr-2026-avi-0159 | Multiples vulnérabilités dans Keycloak | 2026-02-12T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| certfr-2026-avi-0158 | Multiples vulnérabilités dans les produits Apple | 2026-02-12T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| certfr-2026-avi-0157 | Multiples vulnérabilités dans les produits Qnap | 2026-02-12T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| certfr-2026-avi-0156 | Multiples vulnérabilités dans Google Chrome | 2026-02-12T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| certfr-2026-avi-0155 | Multiples vulnérabilités dans SPIP | 2026-02-12T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| certfr-2026-avi-0154 | Vulnérabilité dans Traefik | 2026-02-12T00:00:00.000000 | 2026-02-12T00:00:00.000000 |
| certfr-2026-avi-0153 | Multiples vulnérabilités dans les produits Microsoft | 2026-02-11T00:00:00.000000 | 2026-02-11T00:00:00.000000 |
| certfr-2026-avi-0152 | Multiples vulnérabilités dans Microsoft Azure | 2026-02-11T00:00:00.000000 | 2026-02-11T00:00:00.000000 |
| certfr-2026-avi-0151 | Vulnérabilité dans Microsoft .Net | 2026-02-11T00:00:00.000000 | 2026-02-11T00:00:00.000000 |
| certfr-2026-avi-0150 | Multiples vulnérabilités dans Microsoft Windows | 2026-02-11T00:00:00.000000 | 2026-02-11T00:00:00.000000 |
| certfr-2026-avi-0149 | Multiples vulnérabilités dans Microsoft Office | 2026-02-11T00:00:00.000000 | 2026-02-11T00:00:00.000000 |
| certfr-2026-avi-0148 | Multiples vulnérabilités dans les produits Intel | 2026-02-11T00:00:00.000000 | 2026-02-11T00:00:00.000000 |
| certfr-2026-avi-0147 | Multiples vulnérabilités dans les produits Fortinet | 2026-02-11T00:00:00.000000 | 2026-02-11T00:00:00.000000 |
| certfr-2026-avi-0146 | Multiples vulnérabilités dans GitLab | 2026-02-11T00:00:00.000000 | 2026-02-11T00:00:00.000000 |
| certfr-2026-avi-0145 | Multiples vulnérabilités dans les produits HPE Aruba Networking | 2026-02-11T00:00:00.000000 | 2026-02-11T00:00:00.000000 |
| certfr-2026-avi-0144 | Multiples vulnérabilités dans Ivanti Endpoint Manager | 2026-02-11T00:00:00.000000 | 2026-02-13T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2023-ale-013 | Vulnérabilité dans Apache Struts 2 | 2023-12-13T00:00:00.000000 | 2024-02-16T00:00:00.000000 |
| certfr-2023-ale-006 | Vulnérabilité dans les produits Microsoft | 2023-12-12T00:00:00.000000 | 2023-07-12T00:00:00.000000 |
| certfr-2023-ale-012 | [MàJ] Vulnérabilité dans Citrix NetScaler ADC et NetScaler Gateway | 2023-10-23T00:00:00.000000 | 2024-02-16T00:00:00.000000 |
| certfr-2023-ale-011 | [MàJ] Multiples vulnérabilités dans Cisco IOS XE | 2023-10-17T00:00:00.000000 | 2024-02-16T00:00:00.000000 |
| certfr-2023-ale-010 | Multiples vulnérabilités dans Exim | 2023-10-02T00:00:00.000000 | 2024-02-16T00:00:00.000000 |
| certfr-2023-ale-009 | [MàJ] Multiples vulnérabilités dans Ivanti Endpoint Manager Mobile | 2023-07-26T00:00:00.000000 | 2023-09-15T00:00:00.000000 |
| certfr-2023-ale-008 | [MàJ] Vulnérabilité dans Citrix NetScaler ADC et NetScaler Gateway | 2023-07-19T00:00:00.000000 | 2024-01-02T00:00:00.000000 |
| certfr-2023-ale-007 | [MàJ] Vulnérabilité dans Zimbra Collaboration Suite | 2023-07-17T00:00:00.000000 | 2024-01-02T00:00:00.000000 |
| certfr-2023-ale-005 | Synthèse sur l'exploitation d'une vulnérabilité dans MOVEit Transfer | 2023-07-05T00:00:00.000000 | 2023-09-11T00:00:00.000000 |
| certfr-2023-ale-004 | Vulnérabilité dans les produits Fortinet | 2023-06-13T00:00:00.000000 | 2023-09-11T00:00:00.000000 |
| certfr-2023-ale-003 | [MàJ] Compromission de l'application 3CX Desktop App | 2023-03-31T00:00:00.000000 | 2023-04-12T00:00:00.000000 |
| certfr-2023-ale-002 | [MàJ] Vulnérabilité dans Microsoft Outlook | 2023-03-15T00:00:00.000000 | 2023-05-11T00:00:00.000000 |
| certfr-2023-ale-001 | Vulnérabilité dans Fortinet FortiOS | 2023-03-14T00:00:00.000000 | 2023-03-14T00:00:00.000000 |
| certfr-2023-ale-015 | [MàJ] Campagne d'exploitation d'une vulnérabilité affectant VMware ESXi | 2023-02-03T00:00:00.000000 | 2023-03-14T00:00:00.000000 |
| certfr-2022-ale-014 | Multiples vulnérabilités dans AMI MegaRAC | 2022-12-16T00:00:00.000000 | 2023-09-11T00:00:00.000000 |
| certfr-2022-ale-013 | [MàJ] Vulnérabilité dans Citrix ADC et Gateway | 2022-12-13T00:00:00.000000 | 2023-03-14T00:00:00.000000 |
| certfr-2022-ale-012 | [MàJ] Vulnérabilité dans FortiOS SSL-VPN | 2022-12-13T00:00:00.000000 | 2022-12-20T00:00:00.000000 |
| certfr-2022-ale-011 | Vulnérabilité dans les produits Fortinet | 2022-10-14T00:00:00.000000 | 2022-10-14T00:00:00.000000 |
| certfr-2022-ale-010 | Multiples vulnérabilités dans GLPI | 2022-10-07T00:00:00.000000 | 2023-03-14T00:00:00.000000 |
| certfr-2022-ale-009 | [MaJ] Vulnérabilité dans Zimbra Collaboration | 2022-10-07T00:00:00.000000 | 2023-03-14T00:00:00.000000 |
| certfr-2022-ale-008 | [MaJ] Multiples vulnérabilités dans Microsoft Exchange | 2022-09-30T00:00:00.000000 | 2023-03-14T00:00:00.000000 |
| certfr-2022-ale-007 | Multiples vulnérabilités dans Microsoft Windows | 2022-09-16T00:00:00.000000 | 2023-03-14T00:00:00.000000 |
| certfr-2022-ale-006 | [MàJ] Vulnérabilité dans Atlassian Confluence | 2022-06-03T00:00:00.000000 | 2022-10-07T00:00:00.000000 |
| certfr-2022-ale-005 | [MàJ] Vulnérabilité dans Microsoft Windows | 2022-05-31T00:00:00.000000 | 2022-09-16T00:00:00.000000 |
| certfr-2022-ale-004 | Vulnérabilité dans F5 BIG-IP | 2022-05-11T00:00:00.000000 | 2022-09-16T00:00:00.000000 |
| certfr-2022-ale-003 | [MàJ] Vulnérabilité dans l'implémentation du protocole RPC par Microsoft | 2022-04-13T00:00:00.000000 | 2022-05-04T00:00:00.000000 |
| certfr-2022-ale-002 | Vulnérabilité dans VMware Spring Cloud Gateway | 2022-03-03T00:00:00.000000 | 2022-10-07T00:00:00.000000 |
| certfr-2022-ale-001 | [MaJ] Vulnérabilité dans Microsoft Windows | 2022-01-12T00:00:00.000000 | 2022-05-04T00:00:00.000000 |
| certfr-2021-ale-022 | [MaJ] Vulnérabilité dans Apache Log4j | 2021-12-10T00:00:00.000000 | 2022-05-04T00:00:00.000000 |
| certfr-2021-ale-021 | Vulnérabilité dans Microsoft Exchange | 2021-11-10T00:00:00.000000 | 2022-05-04T00:00:00.000000 |
| ID | Description | Published | Updated |
|---|---|---|---|
| osv-2026-86 | Security exception in java.base/java.util.Arrays.copyOfRange | 2026-01-18T00:18:18.214799Z | 2026-01-18T00:18:18.215108Z |
| osv-2025-1061 | Security exception in org.apache.poi.hssf.record.aggregates.SharedValueManager$SharedFormulaGroup.<ini | 2026-01-18T00:03:40.245475Z | 2026-01-21T14:26:21.135983Z |
| osv-2026-74 | Heap-buffer-overflow in ___interceptor_strtol | 2026-01-17T00:19:48.575833Z | 2026-01-17T00:19:48.576151Z |
| osv-2026-55 | Use-of-uninitialized-value in vp9_quantize_fp_avx2 | 2026-01-15T00:19:29.465463Z | 2026-01-15T00:19:29.465794Z |
| osv-2026-54 | Heap-use-after-free in _dwarf_exec_frame_instr | 2026-01-15T00:17:17.477757Z | 2026-01-15T00:17:17.478056Z |
| osv-2026-53 | Heap-use-after-free in graph::LigatureSubstFormat1::shrink | 2026-01-15T00:16:26.117926Z | 2026-01-15T00:16:26.118291Z |
| osv-2026-30 | Use-of-uninitialized-value in vp9_quantize_fp_avx2 | 2026-01-11T00:08:32.391680Z | 2026-01-11T00:08:32.392050Z |
| osv-2026-21 | Use-of-uninitialized-value in processTLSBlock | 2026-01-09T00:20:25.200679Z | 2026-01-09T00:20:25.201303Z |
| osv-2026-2 | Heap-buffer-overflow in cmt_mpack_consume_uint_tag | 2026-01-03T00:15:15.907754Z | 2026-01-03T00:15:15.908130Z |
| osv-2025-1049 | Heap-buffer-overflow in unsigned char* std::__1::vector<unsigned char, std::__1::allocator<unsigned char | 2025-12-31T00:18:06.669541Z | 2025-12-31T00:18:06.670109Z |
| osv-2025-1004 | Security exception in com.code_intelligence.jazzer.sanitizers.RegexInjection.hookInternal | 2025-12-21T00:18:27.214786Z | 2025-12-21T00:18:27.215115Z |
| osv-2025-1001 | Dynamic-stack-buffer-overflow in _ox_err_set_with_location | 2025-12-21T00:04:56.743119Z | 2025-12-21T00:04:56.743638Z |
| osv-2025-994 | Heap-buffer-overflow in rx_icmp | 2025-12-18T00:00:43.710332Z | 2025-12-21T14:32:46.078182Z |
| osv-2025-989 | Bad-cast to UT_hash_bucket' (aka 'struct UT_hash_bucket')password_file__cleanup | 2025-12-17T00:01:12.806838Z | 2025-12-17T00:01:12.807184Z |
| osv-2025-983 | Dynamic-stack-buffer-overflow in _ox_err_set_with_location | 2025-12-14T00:14:21.963982Z | 2025-12-14T00:14:21.964726Z |
| osv-2025-970 | Heap-buffer-overflow in check_sync_pes | 2025-12-05T00:18:22.703657Z | 2025-12-05T00:18:22.704029Z |
| osv-2025-965 | Stack-use-after-scope in Assimp::FBX::FBXExportProperty::FBXExportProperty | 2025-12-04T00:10:11.975493Z | 2025-12-04T00:10:11.975920Z |
| osv-2025-959 | Heap-buffer-overflow in re_parse_term | 2025-11-29T00:18:54.036831Z | 2025-11-29T00:18:54.037236Z |
| osv-2025-955 | Use-of-uninitialized-value in decoder_context::construct_reference_picture_lists | 2025-11-29T00:15:46.812919Z | 2025-11-29T00:15:46.813402Z |
| osv-2025-938 | Use-of-uninitialized-value in comp_func_SourceOver_avx2 | 2025-11-23T00:03:38.943405Z | 2025-11-23T00:03:38.943780Z |
| osv-2025-932 | Heap-use-after-free in password_file__cleanup | 2025-11-22T00:01:32.642847Z | 2025-11-22T00:01:32.643269Z |
| osv-2025-926 | Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement | 2025-11-21T00:05:31.621567Z | 2025-11-21T00:05:31.621958Z |
| osv-2025-906 | Use-of-uninitialized-value in QImage::pixel | 2025-11-18T00:08:20.557059Z | 2025-11-18T00:08:20.557392Z |
| osv-2025-901 | Heap-use-after-free in apache::thrift::protocol::TCompactProtocolT<apache::thrift::transport::TMemoryBu | 2025-11-17T00:02:08.125421Z | 2025-11-17T00:02:08.125970Z |
| osv-2025-900 | Heap-buffer-overflow in DecodeFrame | 2025-11-15T00:18:33.800030Z | 2025-11-15T00:18:33.800379Z |
| osv-2025-890 | Heap-buffer-overflow in icalmemory_tmp_copy | 2025-11-10T00:03:23.954817Z | 2025-11-10T00:03:23.955223Z |
| osv-2025-884 | Heap-use-after-free in JS_DefineProperty | 2025-11-08T00:17:46.632315Z | 2025-11-08T00:17:46.633033Z |
| osv-2025-879 | Use-of-uninitialized-value in JS_DefineProperty | 2025-11-06T00:00:41.075031Z | 2025-11-06T00:00:41.075637Z |
| osv-2025-876 | Stack-buffer-overflow in snmp_input | 2025-11-04T00:06:41.671822Z | 2025-11-04T00:06:41.672467Z |
| osv-2025-871 | UNKNOWN READ in ojph::local::param_cod::~param_cod | 2025-11-03T00:01:55.461376Z | 2025-11-16T14:04:09.695272Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rustsec-2025-0150 | `finch-rst` was removed from crates.io for malicious code | 2025-12-09T12:00:00Z | 2026-02-13T04:43:42Z |
| rustsec-2025-0135 | matrix-sdk-base: Denial of service due to custom `m.room.join_rules` events | 2025-12-08T12:00:00Z | 2025-12-08T12:23:54Z |
| rustsec-2025-0148 | `finch-rust` was removed from crates.io for malicious code | 2025-12-05T12:00:00Z | 2026-02-23T07:15:28Z |
| rustsec-2025-0146 | `sha-rust` was removed from crates.io for malicious code | 2025-12-05T12:00:00Z | 2026-02-23T07:15:28Z |
| rustsec-2025-0133 | Incorrect calculation on aarch64 | 2025-12-04T12:00:00Z | 2025-12-06T07:36:56Z |
| rustsec-2025-0147 | `evm-units` was removed from crates.io for malicious code | 2025-12-03T12:00:00Z | 2026-02-23T07:15:28Z |
| rustsec-2025-0145 | `uniswap-utils` was removed from crates.io for malicious code | 2025-12-03T12:00:00Z | 2026-02-23T07:15:28Z |
| rustsec-2025-0134 | rustls-pemfile is unmaintained | 2025-11-28T12:00:00Z | 2025-12-05T19:07:24Z |
| rustsec-2025-0132 | `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe | 2025-11-28T12:00:00Z | 2025-12-02T06:03:09Z |
| rustsec-2025-0130 | Missing check in ZK proof in CGGMP21 Threshold Signing Protocol | 2025-11-24T12:00:00Z | 2025-11-26T06:00:45Z |
| rustsec-2025-0129 | Missing check in ZK proof in CGGMP21 Threshold Signing Protocol | 2025-11-24T12:00:00Z | 2025-11-26T06:00:45Z |
| rustsec-2025-0128 | CGGMP21 presignatures can be used in the way that significantly reduces security | 2025-11-24T12:00:00Z | 2025-11-26T06:00:45Z |
| rustsec-2025-0127 | CGGMP21 presignatures can be used in the way that significantly reduces security | 2025-11-24T12:00:00Z | 2025-11-26T06:00:45Z |
| rustsec-2025-0125 | Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS | 2025-11-22T12:00:00Z | 2025-11-22T12:29:36Z |
| rustsec-2025-0153 | hexchat crate is unsound and unmaintained | 2025-11-17T12:00:00Z | 2026-02-24T10:32:45Z |
| rustsec-2025-0124 | rand_os crate is unmaintained | 2025-11-17T12:00:00Z | 2025-11-19T20:48:42Z |
| rustsec-2025-0123 | opentelemetry-jaeger crate is unmaintained | 2025-11-17T12:00:00Z | 2025-11-18T12:07:07Z |
| rustsec-2025-0122 | cargo-asm crate is unmaintained | 2025-11-17T12:00:00Z | 2025-11-18T09:02:31Z |
| rustsec-2025-0121 | gcc crate is unmaintained | 2025-11-17T12:00:00Z | 2025-11-18T08:52:10Z |
| rustsec-2025-0119 | number_prefix crate is unmaintained | 2025-11-17T12:00:00Z | 2025-11-18T08:13:56Z |
| rustsec-2025-0120 | json5 crate is unmaintained | 2025-11-16T12:00:00Z | 2025-11-30T00:15:16Z |
| rustsec-2025-0118 | Unsound API access to a WebAssembly shared linear memory | 2025-11-11T12:00:00Z | 2025-11-13T16:55:40Z |
| rustsec-2025-0117 | tandem is unmaintained | 2025-11-10T12:00:00Z | 2025-11-10T11:31:14Z |
| rustsec-2025-0116 | tandem_garble_interop is unmaintained | 2025-11-10T12:00:00Z | 2025-11-10T11:31:14Z |
| rustsec-2025-0115 | tandem_http_server is unmaintained | 2025-11-10T12:00:00Z | 2025-11-10T11:31:14Z |
| rustsec-2025-0114 | tandem_http_client is unmaintained | 2025-11-10T12:00:00Z | 2025-11-10T11:31:14Z |
| rustsec-2025-0136 | Underflow in aes_key_unwrap function | 2025-11-07T12:00:00Z | 2025-12-17T06:01:32Z |
| rustsec-2025-0131 | Lack of sufficient checks in public API | 2025-10-31T12:00:00Z | 2025-12-02T06:03:09Z |
| rustsec-2025-0111 | `tokio-tar` parses PAX extended headers incorrectly, allows file smuggling | 2025-10-21T12:00:00Z | 2026-01-17T07:44:05Z |
| rustsec-2025-0110 | astral-tokio-tar Vulnerable to PAX Header Desynchronization | 2025-10-21T12:00:00Z | 2025-10-25T11:18:52Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| alsa-2026:2323 | Important: git-lfs security update | 2026-02-09T00:00:00Z | 2026-02-11T11:02:49Z |
| alsa-2026:2286 | Important: thunderbird security update | 2026-02-09T00:00:00Z | 2026-02-09T12:36:11Z |
| alsa-2026:2282 | Moderate: kernel security update | 2026-02-09T00:00:00Z | 2026-02-12T10:29:43Z |
| alsa-2026:2271 | Important: firefox security update | 2026-02-09T00:00:00Z | 2026-02-09T11:39:07Z |
| alsa-2026:2264 | Moderate: kernel security update | 2026-02-09T00:00:00Z | 2026-02-09T11:47:42Z |
| alsa-2026:2230 | Important: fontforge security update | 2026-02-09T00:00:00Z | 2026-02-10T10:04:33Z |
| alsa-2026:2225 | Critical: keylime security update | 2026-02-09T00:00:00Z | 2026-02-10T10:06:14Z |
| alsa-2026:2224 | Critical: keylime security update | 2026-02-09T00:00:00Z | 2026-02-11T15:22:49Z |
| alsa-2026:2222 | Important: freerdp security update | 2026-02-09T00:00:00Z | 2026-02-10T10:08:14Z |
| alsa-2026:2220 | Important: thunderbird security update | 2026-02-09T00:00:00Z | 2026-02-10T07:45:12Z |
| alsa-2026:2216 | Important: libsoup security update | 2026-02-09T00:00:00Z | 2026-02-10T10:37:43Z |
| alsa-2026:2215 | Important: libsoup security update | 2026-02-09T00:00:00Z | 2026-02-09T11:36:21Z |
| alsa-2026:2212 | Moderate: kernel security update | 2026-02-09T00:00:00Z | 2026-02-12T10:34:27Z |
| alsa-2026:2182 | Important: libsoup3 security update | 2026-02-05T00:00:00Z | 2026-02-06T17:31:52Z |
| alsa-2026:2128 | Moderate: python3 security update | 2026-02-05T00:00:00Z | 2026-02-06T08:39:22Z |
| alsa-2026:2124 | Important: osbuild-composer security update | 2026-02-05T00:00:00Z | 2026-02-09T11:33:23Z |
| alsa-2026:2090 | Important: python3.12-wheel security update | 2026-02-05T00:00:00Z | 2026-02-06T08:49:17Z |
| alsa-2026:2081 | Important: freerdp security update | 2026-02-05T00:00:00Z | 2026-02-06T08:53:33Z |
| alsa-2026:2048 | Important: freerdp security update | 2026-02-05T00:00:00Z | 2026-02-10T07:49:11Z |
| alsa-2026:2042 | Important: brotli security update | 2026-02-05T00:00:00Z | 2026-02-05T12:08:23Z |
| alsa-2026:2039 | Important: fontforge security update | 2026-02-05T00:00:00Z | 2026-02-06T21:29:46Z |
| alsa-2026:1939 | Important: python3.12-wheel security update | 2026-02-04T00:00:00Z | 2026-02-10T07:52:01Z |
| alsa-2026:1913 | Moderate: util-linux security update | 2026-02-04T00:00:00Z | 2026-02-10T07:54:49Z |
| alsa-2026:1908 | Important: opentelemetry-collector security update | 2026-02-04T00:00:00Z | 2026-02-10T07:56:31Z |
| alsa-2026:1907 | Important: opentelemetry-collector security update | 2026-02-04T00:00:00Z | 2026-02-10T07:58:47Z |
| alsa-2026:1906 | Important: fence-agents security update | 2026-02-04T00:00:00Z | 2026-02-10T08:07:49Z |
| alsa-2026:1905 | Important: fence-agents security update | 2026-02-04T00:00:00Z | 2026-02-10T08:20:49Z |
| alsa-2026:1904 | Important: resource-agents security update | 2026-02-04T00:00:00Z | 2026-02-10T08:22:54Z |
| alsa-2026:1903 | Important: fence-agents security update | 2026-02-04T00:00:00Z | 2026-02-10T08:31:08Z |
| alsa-2026:1902 | Important: python-wheel security update | 2026-02-04T00:00:00Z | 2026-02-05T09:52:44Z |